CORPORATE RESILIENCE A Primer on Business Continuity Protecting the Capability to Deliver Products & Services Under a Wide Range of Adverse Conditions.


1 CORPORATE RESILIENCE A Primer on Business Continuity Protecting the Capability to Deliver Products & Services Under a Wide Range of Adverse Conditions Rick Wilson

2 Presentation Overview
Definitions & Objectives of a BCP; Business Continuity Lifecycle; Components of Business Continuity; Embedding BCP In the Organization; Participating in a BCP Exercise

3 Differentiating Disaster Recovery & Business Continuity
Disaster Recovery: Backups; Operational Level; Hardware; Storage Recovery; Telecommunications; Computer Recovery; Technical Performance; Single Discipline; Infrastructure Resilience
Business Continuity: Business Processes; Sr. Management Level; Products / People / Profits; Supply Chain Sustainability; Human Communications; Product / Service Recovery; Company Performance; Cross-Functional; Organizational Resilience
Resilience – Ability for an organization to Absorb, Respond and Recover from a disruption
How is value created in the organization and how is it maintained?

4 Business Continuity Management
Why Listen to This Talk?
As a Manager – How Do I Ensure Timely Delivery of Product & Services?
As an Employee – Where Do I Fit? How Can I Contribute?
In Between Jobs? – New Discipline, Founded in IT – BUT Broader
Business Continuity Management will:
Focus on Business Activities
Identify WHICH Vulnerabilities Must Be Addressed – Not ALL
Analyze How Value is Created and Maintained in an Organization
Be a Discipline That Does NOT Go Away: Business Evolves; Company Organizations Change; Technology Accelerates Work Processes; Customers Migrate; Products are Added, Improved and/or Die
Emphasize the Need for Resilience in Business Processes
Be Applicable to Any Company

5 Evolution of Business Continuity
1970’s: Disaster Recovery Sites. DP / MIS – Tactical in Nature; Hard to justify significant investment – for an event you hope never happens
1980’s: Business Impact Analysis. Shift the focus to the ‘Impact on Business’; Broaden the scope to include business risks and operational interruptions
1990’s: Drop the Reference to ‘DR’. Rebrand to Business Continuity – more upbeat than recovery; Standards evolving - Skill sets coalescing – Certifications emerged; Y2K demonstrated dependence on single points of failure / single supplier
2000’s: Codifying BCM (Business Continuity Management). Part of the “Family of Management Systems” standards; PAS56 in UK, NFPA 1600 in US, Handbooks in Australia and Asia; Regulators: FSA in UK, APRA in Australia, Federal Reserve in USA; Then 9/11 – Brought Business Continuity to the forefront; National Standards and ISO 22399

6 Business Continuity Objectives
Business Continuity Defined: Business Continuity Management (BCM) is a holistic process that identifies potential threats to an organization and the impact to business operations that those threats, if realized, might cause. BCM provides a framework for building organizational resilience with the capability for an effective response that safeguards the interests of key stakeholders, organizational reputation, brand and value creating activities.
Objective: Sustain Operations Through Non-Specific, Uncontrolled Environmental Events
Prepare for the impact of interruptions in Power, Flood, Storms, whatever …
Ensure the survival of the organization, protect its assets and control financial loss
Minimize losses TO customers and the loss OF customers
Facilitate the resumption of operations
Provide for the safety of personnel and public – before, during & after a disruption

7 Business Continuity Lifecycle
Six Professional Practices of BCM In PMI & CISSP you would call these Domains or Bodies of Knowledge Business Continuity Lifecycle – from Business Continuity Institute

8 Business Continuity Business Continuity Protects the Business
Disaster Recovery is an IT Process; Business Continuity Protects the Business
BIA – Business Impact Analysis: Assesses Time-Critical Processes Across the Organization; Determines RTO / RPO for Each Process; Ranks the Processes by Urgency; Defines the Prioritized Recovery Path
BCP – Business Continuity Plan: Strategic BCP – Sr. Management & Incident Management Team; Tactical BCP – Line Management for Delivery of Products & Services; Operational BCP – Staff level Execution of Specific Recovery Steps
Business Continuity provides the organization with the capability to continue to deliver the products & services essential to the existence of the firm.

9 Business Continuity Management – Lifecycle
BUSINESS CONTINUITY MANAGEMENT Program Progression: Exercise, Maintain & Review BCM Embedding BCM in the Organization Developing & Implementing a BCM Response - Build the BCPs Determining a BCM Strategy Decide the “What, How, When” BCM Program Management Understanding the Organization Create the Policy & BIA

10 Elements of the MASTER Business Continuity Plan

11 Elements Supporting the Business Continuity Plan

12 Hazard Matrix
Defines the expected threats that could conceivably occur. Projects probability of occurrence and severity to the organization. Used by individual Departments to refine the threats they could experience in preparing their specific Continuity Recovery Plans.
Table columns: HAZARD; Likelihood Occurrence (Likely, Unlikely); SEVERITY (High, Medium, Low)
Hazards: Tornado; Flood; Air Crash; Structural Collapse; Disease Outbreak; Civil Disorder; Train Accident; Utility Failure; Power Failure; Telecomm Failure; Major Fire; Extreme Weather; Terrorist Threat; Hazmat; Earthquake; Active Shooter; Public Assembly Emerg; Hostage Situation

13 BIA – Business Impact Analysis
Factors In Calculating Impact: Value of the Asset (Function); Overall Impact if Asset is Lost
Tangible Impact: Reduced Productivity; Increased Expense; Delay in Collecting $; Reduced Income; Fines / Penalties; Loss of Information
Intangible Impact: Loss in Reputation; Loss in Trust; Public Safety; Regulatory; Competitive Edge
Compute Criticality [1-100]
Sort to Arrive at Critical Path → Top 10 Processes ?
Score Each Process: Critical, High, Medium, Low

14 Elements Supporting the Business Continuity Plan

15 Tactical Continuity Recovery Plans
Department Continuity Recovery Plan - SAMPLE
Evacuation and Fire Safety Plan; Incident task list to follow; Instructions on communications in crisis; Emergency GO-BELT makeup; Building Wardens; Building Evacuation Diagram; Department Staff Call List; Emergency Services Contact List; Alternate locations & staff assignments; Critical tasks to execute & task timing; Contact list for Key team members; Contact list for Key customers (optional); Essential equipment list & software list; Supplies list; Vendors list; Vital records list

16 Elements Supporting the Business Continuity Plan

17 Allocation of Departments Across Alternate Sites
Conducted Physical Inspection & Assessment
Inspected Remote Sites: Power Reliability; Availability of Generator; Distance From Corporate; Distance From Operations; Bathrooms / Kitchen; Flooding or Septic Issues; Hotels Nearby; Food Stores Nearby; Parking available; Mass Transit Nearby; Tables / Chairs; # People Accommodated; Technology In Place ?

18 Allocation of Departments Across Alternate Sites
Allocated Departments to Alternate Sites Departments Across the TOP – Facilities DOWN the Side Staff Size: Normal / Emergency – Home Location Primary Alternate Site w/ People Count – Secondary & Tertiary Site Choices Requisite Upgrades of Technology Noted Total Counts – PRIMARY, SECONDARY, TERTIARY Usage (not shown)

19 Applications Per Department
Inventory Applications Used by Each Department Usage Level – High, Medium, Low Client / Server or Web Based Application Name Departments Used How to Make the Application Available

20 Elements Supporting the Business Continuity Plan

21 Business Continuity Management – Lifecycle
First Iteration First Iteration of BCM INITIAL BC PROJECT OBJECTIVE: Complete a Full BCM Lifecycle Each Step Builds on Previous Exercise, Maintain & Review BCM Embedding BCM in the Organization Developing & Implementing a BCM Response - Build the BCPs Determining a BCM Strategy Decide the “What, How, When” BCM Program Management ? Understanding the Organization Create the Policy & BIA

22 Business Continuity Maturity Model
Awareness & Effectiveness Increase with Each Iteration
[Chart axes: AWARENESS, EFFECTIVENESS]
Improve the Organization’s Capability to Deliver Products & Services; Improve Organizational Resilience

23 Embedding Business Continuity In the Organization
GOALS: Ensure All Information in the Plan is Verified; Ensure All Plans are Rehearsed; Ensure All Relevant Personnel are Exercised
BCM Maturity: Strive to Embed Business Continuity in the Organization; Awareness Initiatives; Specialized Training; Exercises – Table Top & Full Rehearsals; Make BCM inherent in the Organization’s Normal Management Processes
After the Initial Iteration [End of Year 1]: Review BIAs for Changes in Assumptions; Update Department CRPs for Alternate Locations, Department Coordinators, etc.; Revisit Dynamic Data in Departmental Documents; Verify Status of Lessons Learned from Past Events

24 Embedding Business Continuity In the Organization
AWARENESS INITIATIVE
Ensure Each Department Is Oriented to Business Continuity
Identify 15 Metrics Reflecting – BCM Awareness & BCM Effectiveness
Attributes from Business Continuity Institute’s Good Practice Guidelines
Metric 1: Does Staff know where to go?
Metric 2: Does the Staff know what Tools to use?
Metric 3: Know what tasks are time-critical?
Metric 4: How to notify Next-of-Kin?
Metric 5: Incorporate BCP into Process Change?
Metric 6: Build BCP in to Job Desc / Perf Appraisal?
Metric 7: Outstanding items from previous events?
Metric 8: Contact Counseling during Emergency?
Metric 9: Arranging for TEMP Accommodations?
Metric 10: Dealing w/ Special Needs in Event?
Metric 11: Do they Have Updated Dynamic Data?
Metric 12: Extra Copies of Dept Recovery Plan?
Metric 13: Review BIA for Change in Assumptions?
Metric 14: Have they Considered "Sustainable" levels?
Metric 15: Have they Engaged 3rd Parties in Exercises?

25 Embedding Business Continuity In the Organization
AWARENESS INITIATIVE Met with Each Department – Reviewed Awareness Attributes Scale of 0 – Graphed as to +37

26 Embedding Business Continuity In the Organization

27 Embedding Business Continuity In the Organization
EXERCISING THE BCP A BCP Cannot be Considered Reliable - Until it is Exercised Objectives: Develop Competence within the Staff Instill Confidence in their Ability to Execute Impart Knowledge Essential in Time of Crisis Focus on MAXIMUM Benefit of Exercise MINIMUM Disruption to Business Types of Exercises Table Top Simulations Full Rehearsals (Evacuate the Building) Real-Life Exercise Example

28 Business Continuity Maturity
BCM throughout the Organization Continuous Improvement Engage Supply Chain In BC Exercise Embedding BCM Program in the Organization Demonstrate Effectiveness in Audit Program Managed Effectively BCM Documentation Current Activities Able to be Monitored Responsibilities Clearly Assigned Preparedness Ensured

29 Build and Use Your Business Continuity Plan
QUESTIONS Build and Use Your Business Continuity Plan

30

